I am really new into certificates and find it quite difficult to achieve what I have in mind. Let me have a self-signed certificate generated with openSSL. What are the steps I should follow in RHEL in order to have that certificate become trusted? Is there any difference in procedure between .pfx and .crt? Can you also provide me with some details on TA, CA private/pub keys and their role in certification process?
1
votes
1 Answers
2
votes
The canonical way is the update-ca-trust command line interface. To add another root CA, put it as a file PEM or DER file into /etc/pki/ca-trust/source/anchors and run update-ca-trust extract. On Red Hat Enterprise Linux 6, you may also have to run update-ca-trust enable because this way of managing CA certificates is not enabled by default.
Please review the update-ca-trust manual page for background information. System certificate store management is a complex topic.
